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System  Dynamics  Approach 


A  method  and  supporting  toolset 

•  To  holistically  model,  document,  and  analyze 

•  Complex  problems  as  they  evolve  over  time 

•  And  develop  effective  mitigation  strategies 

•  That  balance  competing  concerns 

System  Dynamics  supports  simulation  to 

•  Validate  characterization  of  probiem 

•  Test  out  alternate  mitigation  strategies 
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Powerful  Tenet  of  SD 


The  dynamic  behavior  of  a  system  is  captured  by  its  feedback 
structure. 

•  By  decomposing  the  causal  structure  of  the  system  into  its  feedback 
loops,  and 

•  Understanding  which  loop  is  strongest  (dominating)  at  a  given  point 
in  time, 

•  One  can  understand  and  communicate  the  system’s  behavior  over 
time 

SD  approach  emphasizes  endogenous  viewpoint 

•  “System”  boundary  is  defined  based  on  scope  of  the  problem 

•  Includes  soft  as  well  as  hard  factors 

•  Different  than  conventional  (“hard”)  operations  research 
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Typical  SD  Modeling  and  Analysis  Approach 


1.  Define  problem 

2.  Develop  initial  dynamic  hypothesis 

-  i 

3.  Refine  SD  model  of  problematic  behavior 

-  i 

4.  Analyze/test  model  and  propose  mitigations 

5.  Show  how  proposed  mitigations  reduce  the  problematic  behavior 
6a.  Refine  dynamic  hypothesis  or  proposed  mitigations  and  iterate 

y 

OR 

6b.  Declare  modeling  effort  complete 
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Payoffs  for  SD  Analysis 


Policy/practitioner  guidance  for  improvement 
Training  course  development  and  enhancement 
Management  decision  support  tool  development 


Depending  on  assumptions  made,  payoffs  may  benefit 

•  Individual  organization 

•  Select  group  of  organizations  (e.g.,  critical  infrastructure  sector) 

•  Organizations  in  general 
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Representing  Feedback  Structure 


System  Dynamics  models  represent  abstract  behavior  of 
system  over  time 

Model  variables  represent  system  elements  that  are 
important  to  understand  and  represent  essential  behavior 

Feedback  structure  represented  using  influence 
diagrams 
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System  Dynamics  Primer 


Varl 

<Varl> 

S 

Varl  - >  Var2 


Varl 

- >  Var2 

Varl  - 

- >  Var2 

Variable  -  anything  of  interest  in  the  problem  being 
modeled. 

Ghost  Variable  -  variable  acting  as  a  placeholder 
for  a  variable  occurring  somewhere  else 

Positive  Influence  -  values  of  variables  move  in 
the  same  direction  (e.g.,  source  increases,  target 
increases) 

Negative  Influence  -  values  of  variables  move  in 
the  opposite  direction  (e.g.,  source  increases,  the 
target  decreases) 

Delay  -significant  delay  from  when  Var1  changes  to 
when  Var2  changes 
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System  Dynamics  Primer  -  Continued 


Loop 

Character¬ 

ization 


Loop 

Character¬ 

ization 


Flowl 


Balancing  Loop  -  a  feedback  loop  that  moves 
variable  values  to  a  goal  state;  loop  color  identifies 
circular  influence  path 

Reinforcing  Loop  -  a  feedback  loop  that  moves 
variable  values  consistently  upward  or  downward; 
loop  color  identifies  circular  influence  path 

Stock  -  special  variable  representing  a  pool  of 
materials,  money,  people,  or  other  resources. 

Flow  -  special  variable  representing  a 
process  that  directly  adds  to  or  subtracts  from 
a  stock. 


Cloud  -  source  or  sink  (represents  a  stock 
outside  the  model  boundary) 
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Abstract  Model  of  Insider  IT  Sabotage 


Simulation  Model  of  Insider  IT  Sabotage 
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Insider  Fraud  Model:  High  Level  Positions 


having  "no  other  wil  "make  things 


r\ 
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Insider  Fraud  Model:  Low  Level  Positions 
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Insider  IP  Theft  Model:  Entitled  Independent 


insider  desire  to 


eontribute  to 


insider  sense  of 
loyalty  to 
organization 
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IP  Theft  Model:  Ambitious  Leader 
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Unintentional 


Threat  Model 
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Points  of  Contact 


Matthew  Collins 
CERT  Insider  Threat  Center 
Software  Engineering  Institute 
Carnegie  Mellon  University 
4500  Fifth  Avenue 
Pittsburgh,  PA  15213-3890 
+1  412  268-9152 -Phone 
mlcollins@cert.orq  -  Email 


Software  Engineering  Institute 


CarncgieMellon 


Questions? 


17 


